Full Disclosure mailing list archives
RE: Pattern matching search tool
From: Paul Schmehl <pauls () utdallas edu>
Date: Thu, 06 Jan 2005 10:38:18 -0600
--On Thursday, January 06, 2005 08:07:13 AM +0530 "ALD, Aditya, Aditya Lalit Deshmukh" <aditya.deshmukh () online gateway expertworks net> wrote:
> Dear Paul, I think you answered your own question over here - it's perl!
Yeah, I'm beginning to think that's what I'm going to have to do.
I apologize for the vague nature of my request. I'm not looking for tools that can analyze network traffic. I already have plenty of those. I'm looking for tools that can search my network for *computers* that have *passive* (or active) content that I'd rather they didn't have.

However, there is another tool, ntop, that I use quite a lot.
The example I gave was phpBB. If a worm named Santy comes out that attacks phpBB *specifically*, I'd like to know how many machines on my network have phpBB on them *regardless* of whether or not they have any active traffic.
There are a number of ways to do this manually. You can Google for it, then check each box to see if it still has the installation (things change, you know). You could run nessus and correlate the data. You could run nmap looking for the open ports (like 80) and then do some banner grabbing.
But all these methods involve labor *and* require that you react to an event. I'm looking for something *proactive* that can "crawl" my network and report (by email or to mysql, etc.), that can be automated but allows me to do "special" searches if I want to.
Sort of a combination of ngrep, ntop, nessus, p0f, webcrawler, open port searcher, grep, find, locate, etc., etc. A "Swiss army knife" discovery tool, if you will.
And the more I think about it, the more I feel a perl script coming on.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
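The proactive crawl Paul describes (probe each host's web port, grab the response, match it against an application signature such as phpBB's, and report what was found) as an added example; this is not code from the thread, and it is written in Python rather than the Perl he has in mind. The signature table, the host list and the sample response are constructed for the example, and the crawl is meant to be pointed only at your own address ranges.

```python
import re
import socket
from collections import namedtuple
# Constructed signature table: text in an HTTP response that marks an application.
SIGNATURES = {
    "phpBB": [re.compile(r"Powered by phpBB", re.I),
              re.compile(r'name="generator"\s+content="phpBB', re.I)],
}
Finding = namedtuple("Finding", "host port app evidence")  # evidence: matched text
# Constructed response, the kind grab_http() returns from a host running phpBB.
SAMPLE_RESPONSE = ("HTTP/1.0 200 OK\r\nServer: Apache/1.3.33\r\n\r\n"
                   "<html><body>Powered by phpBB 2.0.10</body></html>")

def fingerprint(host, port, response):
    """Return one Finding per application whose signature appears in the raw response."""
    found = []
    for app, patterns in SIGNATURES.items():
        for pat in patterns:
            m = pat.search(response)
            if m:
                found.append(Finding(host, port, app, m.group(0)))
                break  # one hit per application is enough
    return found

def grab_http(host, port=80, path="/", timeout=3.0):
    """Banner grab: one HTTP/1.0 GET; returns headers plus body (at most 16 reads)."""
    req = f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode()
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(req)
        while len(chunks) < 16 and (data := s.recv(4096)):
            chunks.append(data)
    return b"".join(chunks).decode("latin-1")

def crawl(hosts, ports=(80,)):
    """Walk every host:port; closed ports and dead hosts are skipped, not fatal."""
    findings = []
    for host in hosts:
        for port in ports:
            try:
                findings.extend(fingerprint(host, port, grab_http(host, port)))
            except OSError:
                continue
    return findings

def summarize(findings):
    """Group hosts by application: the shape a mail or MySQL report would take."""
    report = {}
    for f in findings:
        report.setdefault(f.app, []).append(f"{f.host}:{f.port}")
    return report
```

Feeding `summarize(crawl(hosts))` to a mail or database writer gives the scheduled report; a one-off "special" search is just a different `SIGNATURES` entry.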